Friday, October 19, 2012

This post is just to summarize some quick facts about the problematic BHEK v2. Why problematic? Well, this version of the exploit kit has raised the bar in sophistication and is harder to detect, defend against and find. It's currently driving many of us on the threat ops and intel side crazy, so sharing information is paramount.

Sunday, August 19, 2012

With the rise of SIEM and IT operations data-mining use cases, many organizations are investing, or deciding how to invest, in centralized log management. I'm sure people wonder: are there interesting open source alternatives, or should I even bother?

Well, it depends. I think there are some great new options to test or keep an eye on, some fantastic mature commercial options, and something in between (Splunk).

A Perl, MySQL and SOLR based solution which is said to be faster than Splunk on large data sets and seems to have a large following. There is currently no commercial backing or support, and it looks like the web interface is highly usable but not rich in visualization options (a trait you will find common across the open source offerings).

A Python and Django based solution by the guys from DISQUS. It seems to be an interesting HTTP-based approach and looks high performance. Lots of documentation is available; a great option for Python hackers (like me).

Java + ROR based streaming log aggregation. Looks very cool; it was created by an ex-Google engineer now working at Loggly. A very actively maintained project with lots of documentation and some cool features. This one is definitely worth checking out.

Moxie Marlinspike does it again. The eclectic hacker who previously brought you SSLStrip has now released (at DEF CON 20) a utility and advisory on cracking MSCHAPv2, which powers most PPTP VPNs.
Get the code here: https://github.com/moxie0/chapcrack
The suggestion is to migrate to OpenVPN for a more secure VPN setup.
Also, if you're bored, read some of his excellent stories.

Tuesday, June 12, 2012

Friday, April 13, 2012

Back in the day I would use dnscache and sometimes even BIND for local network or localhost caching recursive DNS. I was hoping there was a newer, better, faster and easier to set up and maintain solution in 2012...